Twitter representatives have finally commented on the recent data breach affecting 200 million users of the social network. According to them, the hackers did not collect the user information through a vulnerability in the API, as information security specialists had previously believed.
Let me remind you that another leak of Twitter user data occurred in early January. The dump was published on a popular hacker forum for only $2 (that is, practically free). Journalists were able to verify the authenticity of many email addresses in this database, and the creator of the Have I Been Pwned leak aggregator added the new leak to his service.
Information security experts believed that this dump appeared on the black market because of a well-known problem. Since the summer of 2022, attackers have been selling or distributing for free large sets of Twitter user data containing both private (phone numbers and email addresses) and public information. These dumps resulted from the exploitation of a vulnerability in the Twitter API that made it possible to submit multiple email addresses and phone numbers and see whether they were associated with a specific Twitter ID.
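How abuse of a lookup like the one described above would show up in request logs, as an added example that is not from Twitter or from the original article: a sliding-window check that flags clients testing many different identifiers. The log fields, client names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch seconds, client, identifier looked up, matched an account?)
SAMPLE_LOG = (
    [(1000 + i, "client-A", f"user{i}@example.com", i % 3 == 0) for i in range(60)]
    + [(1000, "client-B", "alice@example.com", True),
       (1400, "client-B", "alice@example.com", True),
       (2000, "client-B", "bob@example.com", False)]
)

def find_enumerators(events, window=300, max_distinct=20):
    """Flag clients that look up more than `max_distinct` different
    identifiers within any `window` seconds (both thresholds are assumptions).

    Returns {client: {"peak_distinct": int, "resolved": int}}, where
    "resolved" counts distinct identifiers that matched an account, i.e.
    how many identifier-to-account links that client could have learned.
    """
    recent = defaultdict(deque)                        # client -> (ts, identifier) in window
    in_window = defaultdict(lambda: defaultdict(int))  # client -> identifier -> occurrences
    peak = defaultdict(int)
    resolved = defaultdict(set)
    for ts, client, ident, matched in sorted(events):
        queue, counts = recent[client], in_window[client]
        queue.append((ts, ident))
        counts[ident] += 1
        # Drop lookups that have aged out of the sliding window.
        while queue[0][0] <= ts - window:
            _, old = queue.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        peak[client] = max(peak[client], len(counts))
        if matched:
            resolved[client].add(ident)
    return {c: {"peak_distinct": p, "resolved": len(resolved[c])}
            for c, p in peak.items() if p > max_distinct}

if __name__ == "__main__":
    for client, stats in find_enumerators(SAMPLE_LOG).items():
        print(client, stats)
```

Counting distinct identifiers rather than raw requests keeps a client that repeatedly looks up the same address (client-B here) from being flagged.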
Twitter representatives now say that the company did not find evidence that the data was obtained by exploiting a vulnerability in the social network's systems.
Interestingly, last year, after a data breach affecting 5.4 million users, Twitter admitted that the root of the problem was related to an API vulnerability.
Twitter also emphasized what was already known: the dump did not contain passwords or information that could lead to password compromise.
Since the problem was supposedly not a vulnerability, the company believes that the new dump “is a set of data previously already available on the Internet in various sources.” At the same time, the company did not explain how the attackers managed to match the email addresses of users with specific accounts.